Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

The ZDNet article says the vulnerabilities were found in April, and "both SSD vendors whose products they've tested... have released firmware updates to address the reported flaws", but it would be good to get a clear answer from the horse's mouth.

I'd very much like to know if it affects the MX500 as well, since the researchers didn't look at current drives. I specifically bought a few MX500s due to the SED capability, so I'll be quite grumpy if I have to go back to software encryption and take the performance hit.

‎11-06-201801:07 PM - last edited on ‎11-12-201801:23 PM by Crucial_Guru

‎11-06-201801:07 PM - last edited on ‎11-12-201801:23 PM by Crucial_Guru

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

Micron is aware of the Radboud University researchers’ report describing a potential security vulnerability in its Crucial MX100, MX200 and MX300 products. This vulnerability can only be exploited by an individual who is able to remove the drive from the system, has the relevant equipment, as well as knowledge of the drive’s electrical and firmware functionality.

Micron has developed firmware patches to address vulnerabilities in the MX100, MX200 and MX300 products. The MX100 and MX200 firmware updates are available today on crucial.com. The ETA for the MX300 firmware is planned for November 13, 2018.

Micron is committed to conducting business with integrity and accountability, which includes delivering best-in-class product quality, security, and customer support.

Can you please also confirm whether or not the MX500 is affected by any of the vulnerabilities highlighted in the Radboud research (as it was not included in their analysis), and if so, the relevant firmware version for that model as well?

Re: Hardware encryption bypass on MX100, MX200 and MX300 SSDs

Can you please also confirm whether or not the MX500 is affected by any of the vulnerabilities highlighted in the Radboud research (as it was not included in their analysis), and if so, the relevant firmware version for that model as well?